openvas-nasl man page

openvas-nasl — Nessus Attack Scripting Language


openvas-nasl <[-vh] [-T tracefile] [-s] [-t target] [-c config_file] [-d] [-sX] > files...


openvas-nasl executes a set of NASL scripts against a given target host. It can also be used to determine if a NASL script has any syntax errors by running it in parse (-p) or lint (-L) mode.


-T tracefile
Makes nasl write verbosely what the script does in the file tracefile , ala 'set -x' under sh
-t target
Apply the NASL script to target which may be a single host (, a whole subnet ( or several subnets (,
-e iface
Specifies the network interface to be used as the source for established connections.
Sets the return value of safe_checks() to 1. (See the OpenVAS documentation to know what the safe checks are)
Only run the description part of the script.
Runs in description mode before running the script.
Lint the script (run extended checks).
Run the script in authenticated mode. For more information see the nasl reference manual
Show help
Show the version of NASL.
Output debug information to stderr.

See Also

The NASL2 reference manual openvassd(8).


NASL comes from a private project called 'pkt_forge', which was written in late 1998 by Renaud Deraison and which was an interactive shell to forge and send raw IP packets (this pre-dates Perl's Net::RawIP by a couple of weeks). It was then extended to do a wide range of network-related operations and integrated into Nessus as 'NASL'.

The parser was completely hand-written and a pain to work with. In Mid-2002, Michel Arboi wrote a bison parser for NASL, and he and Renaud Deraison re-wrote NASL from scratch. Although the "new" NASL was nearly working as early as August 2002, Michel's lazyness made us wait for early 2003 to have it working completely.


Most of the engine is (C) 2003 Michel Arboi, most of the built-in functions are (C) 2003 Renaud Deraison


Explore man page connections for openvas-nasl(1).